I have configured a WireGuard server on a fresh Rocky Linux 9 install. I can connect to it, and the client and server can ping each other, but it looks like masquerading is not working.
In my /etc/sysctl.conf I have:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
I then applied it:
# sysctl -p
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
I configured firewalld as follows:
firewall-cmd --zone=public --add-port=8443/udp --permanent
firewall-cmd --zone=internal --add-interface=wg0 --permanent
firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=10.0.0.0/24 masquerade' --permanent
firewall-cmd --zone=public --add-rich-rule='rule family=ipv6 source address=fd21:fe12:bf9b::/64 masquerade' --permanent
firewall-cmd --reload
# firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens18
sources:
services: cockpit dhcpv6-client
ports: 2222/tcp 8443/udp
protocols:
forward: yes
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="1.2.3.4" port port="2222" protocol="tcp" accept
rule family="ipv4" source address="10.0.0.0/24" masquerade
rule family="ipv4" source address="2.3.4.5" port port="2222" protocol="tcp" accept
rule family="ipv6" source address="fd21:fe12:bf9b::/64" masquerade
rule family="ipv4" source address="3.4.5.6" port port="2222" protocol="tcp" accept
rule family="ipv4" source address="4.5.6.7" port port="2222" protocol="tcp" accept
rule family="ipv4" source address="8.9.10.11" port port="2222" protocol="tcp" accept
# firewall-cmd --zone=internal --list-interfaces
wg0
What else needs to be set so that the peers' outgoing traffic is masqueraded?